5. Fedora and SELINUX

There is a report from Frederick Chapleau of SELINUX causing problems with PPTPD. It affects user authentication with Winbind and RADIUS. SELINUX is enabled by default on Fedora, so you will very likely run into this problem if you accept all the default settings when installing Fedora.

Frederick said in his email:

"This issue was not appearing with plain text file (chap.secret) or with CHAPv1 authentication. Only in the combination of MS-CHAPv2 and Winbind (with or without radius)"

Disabling SELINUX may be an easy fix, but you may want to consider the security implications too.

For more information on this issue, please see the original report.


6. Network Configuration

Microsoft AD depends heavily on DNS. You should have the DNS server working first.

The pptp gateway should use the Active Directory DNS server instead of the one provided by your ISP. Otherwise, the gateway may have problems locating the domain controller. Here is the /etc/resolv.conf from my test gateway.

search examplenet.org
nameserver 10.0.0.1


6.1 Default Gateway and Static Routes

The pptp gateway has two network cards. It is important that the default gateway points to the Internet, i.e. your ISP router. Make sure that the internal network card does not have a default gateway address configured. Check the network card configuration files in /etc/sysconfig/network-scripts.

In my test setup, eth0 is the internal card and eth1 is the external one. /etc/sysconfig/network-scripts/ifcfg-eth0 does not have a GATEWAY="x.x.x.x" line. ifcfg-eth1 has a GATEWAY="x.x.x.x" entry pointing to the ISP router's IP address.

My test internal network has multiple subnets, so static routes are set up to direct traffic correctly. If you have a simple single-segment internal network, you can skip the following step and go to step 6.2.

To set up static routes in Fedora, create a file named static-routes in the /etc/sysconfig directory. My static-routes file has one line:

any net 172.16.0.0 netmask 255.255.255.0 dev eth0

The syntax of the line is important. The line must start with the word "any".

Check your routing table with the netstat command.

[root@pptp sysconfig]# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
172.16.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.0.2 0.0.0.0 UG 0 0 0 eth1


6.2 Enable Packet Forwarding

For PPP to work, packet forwarding must be enabled. Edit /etc/sysctl.conf with your favourite editor and change the line:

net.ipv4.ip_forward = 0

to

net.ipv4.ip_forward = 1

The change takes effect on the next reboot. To apply it immediately:

[root@pptp etc]# sysctl -p
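The script below is an added example and not part of this HOWTO or of pptpd. It checks, in one place, the four settings sections 6.1 and 6.2 ask for on the gateway: a single default route leaving via the external card, a GATEWAY= line on the external ifcfg file only, the "any net ... dev ..." form of every static-routes line, and net.ipv4.ip_forward both persisted in sysctl.conf and live in the kernel. The function names are mine, and all inputs in run_demo are constructed to mirror the test gateway in the text (eth0 internal, eth1 external, ISP router 192.168.0.2); on a real gateway, point the functions at the files named in the text and at the live output of netstat -nr.

```shell
#!/bin/sh
# Sanity checks for the two-NIC PPTP gateway configuration of sections 6.1
# and 6.2. Added example, not part of the HOWTO. All data in run_demo is
# constructed; on a real gateway use /etc/sysconfig/network-scripts/ifcfg-eth*,
# /etc/sysconfig/static-routes, /etc/sysctl.conf and `netstat -nr` output.

# 1. Default route: exactly one, flagged with G, leaving via the external card.
#    Reads `netstat -nr` output on stdin; $1 is the expected external interface.
check_default_route() {
    awk -v ext="$1" '
        $1 == "0.0.0.0" && $3 == "0.0.0.0" { n++; if ($4 ~ /G/ && $8 == ext) ok++ }
        END { exit !(n == 1 && ok == 1) }'
}

# 2. ifcfg files: the internal card must not carry a GATEWAY= line, the
#    external card must. $1 = ifcfg file, $2 = internal|external.
check_ifcfg_gateway() {
    if grep -q '^GATEWAY=' "$1"; then has=1; else has=0; fi
    case "$2" in
        internal) [ "$has" -eq 0 ] ;;
        external) [ "$has" -eq 1 ] ;;
        *)        return 2 ;;
    esac
}

# 3. static-routes: every active line must have the exact form shown in the
#    text, `any net NET netmask MASK dev IF`. $1 = static-routes file.
check_static_routes() {
    awk '
        /^[[:space:]]*(#|$)/ { next }
        !(NF == 7 && $1 == "any" && $2 == "net" && $4 == "netmask" && $6 == "dev") { bad++ }
        END { exit (bad > 0) }' "$1"
}

# 4a. Persistent setting: net.ipv4.ip_forward must be 1 in sysctl.conf ($1).
check_ip_forward_conf() {
    awk -F= '
        $1 ~ /^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*$/ { gsub(/[[:space:]]/, "", $2); val = $2 }
        END { exit (val != "1") }' "$1"
}

# 4b. Live kernel setting, which only changes after `sysctl -p` or a reboot.
#     $1 defaults to the real /proc file; pass another path to test offline.
check_ip_forward_live() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = "1" ]
}

# Constructed fixtures mirroring the test gateway in the text. Returns 0 only
# if every check passes.
run_demo() {
    dir=$(mktemp -d) || return 1
    printf 'DEVICE=eth0\nBOOTPROTO=static\nIPADDR=10.0.0.2\nNETMASK=255.255.255.0\n' > "$dir/ifcfg-eth0"
    printf 'DEVICE=eth1\nBOOTPROTO=static\nIPADDR=192.168.0.10\nNETMASK=255.255.255.0\nGATEWAY="192.168.0.2"\n' > "$dir/ifcfg-eth1"
    printf 'any net 172.16.0.0 netmask 255.255.255.0 dev eth0\n' > "$dir/static-routes"
    printf '# Controls IP packet forwarding\nnet.ipv4.ip_forward = 1\n' > "$dir/sysctl.conf"
    printf '1\n' > "$dir/ip_forward"
    cat > "$dir/netstat.txt" <<'EOF'
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
172.16.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.0.2 0.0.0.0 UG 0 0 0 eth1
EOF
    status=0
    report() { name=$1; shift; if "$@"; then echo "ok   $name"; else echo "FAIL $name"; status=1; fi; }
    report "single default route via eth1"      check_default_route eth1 < "$dir/netstat.txt"
    report "no GATEWAY= on internal eth0"       check_ifcfg_gateway "$dir/ifcfg-eth0" internal
    report "GATEWAY= present on external eth1"  check_ifcfg_gateway "$dir/ifcfg-eth1" external
    report "static-routes syntax"               check_static_routes "$dir/static-routes"
    report "ip_forward=1 in sysctl.conf"        check_ip_forward_conf "$dir/sysctl.conf"
    report "ip_forward=1 live (constructed)"    check_ip_forward_live "$dir/ip_forward"
    rm -rf "$dir"
    return $status
}

run_demo
```

On a live gateway, run check_ip_forward_live with no argument so it reads /proc/sys/net/ipv4/ip_forward; a passing sysctl.conf check together with a failing live check is exactly the state the text describes between editing the file and running sysctl -p. The default-route check deliberately rejects a table with two UG routes, which is what you get when the internal ifcfg file also carries a GATEWAY= line.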

